KV plugin filter not working

br14nb0 · May 29, 2018, 2:54pm

This is my config filter
grok {
match => { "message" => "<%{INT:number}>%{SYSLOGTIMESTAMP:timestamp}%{SPACE}%{NOTSPACE:app}%{SPACE}%{NOTSPACE:logsource}[%{WORD:status}]%{SPACE}%{INT:eventid}%{SPACE}%{GREEDYDATA:mess}.%{SPACE}%{GREEDYDATA:service}:%{SPACE}%{GREEDYDATA:wininfo}"}
}
kv {
source => "wininfo"
value_split => ":"
field_split => "\x7f+"}
}

Character "\x7f" is DEL character, it seperates the pairs. But kv not working at all. Thanks for any helps

rcowart · May 29, 2018, 3:17pm

field_split takes only a single character. You need to use field_split_pattern which takes a regex.

br14nb0 · May 30, 2018, 2:14am

I am using logstash 6.1.0, and this is my ERROR when use split pattern
[ERROR][logstash.filters.kv ] Unknown setting 'field_split_pattern' for kv
I checked the document about KV filter, I don't understand why it is false.

rcowart · May 30, 2018, 8:04am

You can update the plugin by running logstash-plugins update logstash-filter-kv or just update all plugins with logstash-plugins update

br14nb0 · May 30, 2018, 8:43am

Okay thanks. I solved it

system · June 27, 2018, 8:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
KV filter not working Logstash	5	2272	June 28, 2017
KV Plugin Not working Logstash	9	674	August 27, 2019
KV filter not splitting log Logstash	1	254	October 1, 2020
KV Filter Pattern Usage Logstash	1	577	April 23, 2018
Kv filter seems to be working Logstash	2	317	September 26, 2019

KV plugin filter not working

Related topics